support forced password changes in self service (bug 3483907)
This commit is contained in:
Roland Gruber
parent
252e8682bf
commit
3b2760c6ff
|
|
@ -1231,11 +1231,12 @@ abstract class baseModule {
|
|||
*
|
||||
* @param array $fields list of active fields
|
||||
* @param array $attributes attributes of LDAP account
|
||||
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
|
||||
* @return htmlElement meta HTML object
|
||||
*
|
||||
* @see htmlElement
|
||||
*/
|
||||
public function getSelfServiceOptions($fields, $attributes) {
|
||||
public function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
|
||||
// this function must be overwritten by subclasses.
|
||||
return array();
|
||||
}
|
||||
|
|
@ -1253,9 +1254,10 @@ abstract class baseModule {
|
|||
*
|
||||
* @param string $fields input fields
|
||||
* @param array $attributes LDAP attributes
|
||||
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
|
||||
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
|
||||
*/
|
||||
public function checkSelfServiceOptions($fields, $attributes) {
|
||||
public function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
|
||||
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
|
||||
return $return;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1577,11 +1577,12 @@ class asteriskAccount extends baseModule implements passwordService {
|
|||
*
|
||||
* @param string $fields input fields
|
||||
* @param array $attributes LDAP attributes
|
||||
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
|
||||
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
|
||||
*/
|
||||
function checkSelfServiceOptions($fields, $attributes) {
|
||||
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
|
||||
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
|
||||
if (!in_array_ignore_case('AsteriskSIPUser', $attributes['objectClass'])) {
|
||||
if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskSIPUser', $attributes['objectClass'])) {
|
||||
return $return;
|
||||
}
|
||||
if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) {
|
||||
|
|
|
|||
|
|
@ -587,11 +587,12 @@ class asteriskVoicemail extends baseModule implements passwordService {
|
|||
*
|
||||
* @param string $fields input fields
|
||||
* @param array $attributes LDAP attributes
|
||||
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
|
||||
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
|
||||
*/
|
||||
function checkSelfServiceOptions($fields, $attributes) {
|
||||
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
|
||||
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
|
||||
if (!in_array_ignore_case('AsteriskVoiceMail', $attributes['objectClass'])) {
|
||||
if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskVoiceMail', $attributes['objectClass'])) {
|
||||
return $return;
|
||||
}
|
||||
if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) {
|
||||
|
|
|
|||
|
|
@ -2478,10 +2478,14 @@ class inetOrgPerson extends baseModule implements passwordService {
|
|||
*
|
||||
* @param array $fields list of active fields
|
||||
* @param array $attributes attributes of LDAP account
|
||||
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
|
||||
* @return array meta HTML
|
||||
*/
|
||||
function getSelfServiceOptions($fields, $attributes) {
|
||||
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
|
||||
$return = array();
|
||||
if ($passwordChangeOnly) {
|
||||
return $return; // no fields as long no LDAP content can be read
|
||||
}
|
||||
if (in_array('firstName', $fields)) {
|
||||
$firstName = '';
|
||||
if (isset($attributes['givenName'][0])) $firstName = $attributes['givenName'][0];
|
||||
|
|
@ -2677,10 +2681,14 @@ class inetOrgPerson extends baseModule implements passwordService {
|
|||
*
|
||||
* @param string $fields input fields
|
||||
* @param array $attributes LDAP attributes
|
||||
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
|
||||
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
|
||||
*/
|
||||
function checkSelfServiceOptions($fields, $attributes) {
|
||||
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
|
||||
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
|
||||
if ($passwordChangeOnly) {
|
||||
return $return; // skip processing if only a password change is done
|
||||
}
|
||||
$attributeNames = array(); // list of attributes which should be checked for modification
|
||||
$attributesNew = $attributes;
|
||||
// first name
|
||||
|
|
|
|||
|
|
@ -818,9 +818,13 @@ class kolabUser extends baseModule {
|
|||
*
|
||||
* @param array $fields list of active fields
|
||||
* @param array $attributes attributes of LDAP account
|
||||
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
|
||||
* @return array meta HTML
|
||||
*/
|
||||
function getSelfServiceOptions($fields, $attributes) {
|
||||
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
|
||||
if ($passwordChangeOnly) {
|
||||
return array(); // no Kolab fields as long no LDAP content can be read
|
||||
}
|
||||
if (!in_array('kolabInetOrgPerson', $attributes['objectClass'])) {
|
||||
return array();
|
||||
}
|
||||
|
|
@ -926,10 +930,14 @@ class kolabUser extends baseModule {
|
|||
*
|
||||
* @param string $fields input fields
|
||||
* @param array $attributes LDAP attributes
|
||||
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
|
||||
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
|
||||
*/
|
||||
function checkSelfServiceOptions($fields, $attributes) {
|
||||
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
|
||||
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
|
||||
if ($passwordChangeOnly) {
|
||||
return $return; // skip processing if only a password change is done
|
||||
}
|
||||
if (!in_array_ignore_case('kolabInetOrgPerson', $attributes['objectClass'])) {
|
||||
return $return;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2067,9 +2067,10 @@ class posixAccount extends baseModule implements passwordService {
|
|||
*
|
||||
* @param array $fields list of active fields
|
||||
* @param array $attributes attributes of LDAP account
|
||||
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
|
||||
* @return array meta HTML
|
||||
*/
|
||||
function getSelfServiceOptions($fields, $attributes) {
|
||||
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
|
||||
$return = array();
|
||||
if (in_array('password', $fields)) {
|
||||
$pwdTable = new htmlTable();
|
||||
|
|
@ -2084,6 +2085,9 @@ class posixAccount extends baseModule implements passwordService {
|
|||
$pwdTable
|
||||
));
|
||||
}
|
||||
if ($passwordChangeOnly) {
|
||||
return $return; // only password fields as long no LDAP content can be read
|
||||
}
|
||||
if (in_array('cn', $fields)) {
|
||||
$cn = '';
|
||||
if (isset($attributes['cn'][0])) $cn = $attributes['cn'][0];
|
||||
|
|
@ -2115,9 +2119,10 @@ class posixAccount extends baseModule implements passwordService {
|
|||
*
|
||||
* @param string $fields input fields
|
||||
* @param array $attributes LDAP attributes
|
||||
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
|
||||
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
|
||||
*/
|
||||
function checkSelfServiceOptions($fields, $attributes) {
|
||||
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
|
||||
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
|
||||
if (in_array('password', $fields)) {
|
||||
if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) {
|
||||
|
|
@ -2145,6 +2150,9 @@ class posixAccount extends baseModule implements passwordService {
|
|||
}
|
||||
}
|
||||
}
|
||||
if ($passwordChangeOnly) {
|
||||
return $return; // skip processing if only a password change is done
|
||||
}
|
||||
if (in_array('cn', $fields)) {
|
||||
if (isset($_POST['posixAccount_cn']) && ($_POST['posixAccount_cn'] != '')) {
|
||||
if (!get_preg($_POST['posixAccount_cn'], 'cn')) {
|
||||
|
|
|
|||
|
|
@ -2090,11 +2090,12 @@ class sambaSamAccount extends baseModule implements passwordService {
|
|||
*
|
||||
* @param string $fields input fields
|
||||
* @param array $attributes LDAP attributes
|
||||
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
|
||||
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
|
||||
*/
|
||||
function checkSelfServiceOptions($fields, $attributes) {
|
||||
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
|
||||
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
|
||||
if (!in_array_ignore_case('sambaSamAccount', $attributes['objectClass'])) {
|
||||
if (!isset($attributes['objectClass']) || !in_array_ignore_case('sambaSamAccount', $attributes['objectClass'])) {
|
||||
return $return;
|
||||
}
|
||||
if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) {
|
||||
|
|
|
|||
|
|
@ -90,15 +90,16 @@ function getSelfServiceFieldSettings($scope) {
|
|||
* @param string $scope account type
|
||||
* @param array $fields input fields (array(<moduleName> => array(<field1>, <field2>, ...)))
|
||||
* @param array $attributes LDAP attributes (attribute names in lower case)
|
||||
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
|
||||
* @return array meta HTML code (array(<moduleName> => htmlTableRow))
|
||||
*/
|
||||
function getSelfServiceOptions($scope, $fields, $attributes) {
|
||||
function getSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly) {
|
||||
$return = array();
|
||||
$modules = getAvailableModules($scope);
|
||||
for ($i = 0; $i < sizeof($modules); $i++) {
|
||||
if (!isset($fields[$modules[$i]])) continue;
|
||||
$m = new $modules[$i]($scope);
|
||||
$code = $m->getSelfServiceOptions($fields[$modules[$i]], $attributes);
|
||||
$code = $m->getSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly);
|
||||
if (sizeof($code) > 0) $return[$modules[$i]] = $code;
|
||||
}
|
||||
return $return;
|
||||
|
|
@ -111,15 +112,16 @@ function getSelfServiceOptions($scope, $fields, $attributes) {
|
|||
* @param string $scope account type
|
||||
* @param string $fields input fields (array(<moduleName> => array(<field1>, <field2>, ...)))
|
||||
* @param array $attributes LDAP attributes
|
||||
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
|
||||
* @return array messages and LDAP commands (array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array()))
|
||||
*/
|
||||
function checkSelfServiceOptions($scope, $fields, $attributes) {
|
||||
function checkSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly) {
|
||||
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
|
||||
$modules = getAvailableModules($scope);
|
||||
for ($i = 0; $i < sizeof($modules); $i++) {
|
||||
if (!isset($fields[$modules[$i]])) continue;
|
||||
$m = new $modules[$i]($scope);
|
||||
$result = $m->checkSelfServiceOptions($fields[$modules[$i]], $attributes);
|
||||
$result = $m->checkSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly);
|
||||
if (sizeof($result['messages']) > 0) $return['messages'] = array_merge($result['messages'], $return['messages']);
|
||||
if (sizeof($result['add']) > 0) $return['add'] = array_merge($result['add'], $return['add']);
|
||||
if (sizeof($result['del']) > 0) $return['del'] = array_merge($result['del'], $return['del']);
|
||||
|
|
|
|||
Loading…
Reference in New Issue